Make SSL_set_tlsext_host_name no effect from server side

Documentation and test cases are also updated Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3783)
author: Paul Yang <yang.yang@baishancloud.com> 2017-06-28 15:46:13 +0800
committer: Rich Salz <rsalz@openssl.org> 2017-07-28 11:51:59 -0400
commit: 190b9a03b72a8029c27e4bd0ab000129e240a413 (patch)
tree: 9d0c1d44825c86a1ce1b2a7e3008072cdf7617f9 /doc
parent: 3ca1f892a7d94fb1595408f5fe80dee51dceb3b8 (diff)
1 files changed, 12 insertions, 2 deletions
diff --git a/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod b/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod
index 673d98fac8..151de16079 100644
--- a/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod
+++ b/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod
@@ -3,8 +3,8 @@
 =head1 NAME
 
 SSL_CTX_set_tlsext_servername_callback, SSL_CTX_set_tlsext_servername_arg,
-SSL_get_servername_type, SSL_get_servername - handle server name indication
-(SNI)
+SSL_get_servername_type, SSL_get_servername,
+SSL_set_tlsext_host_name - handle server name indication (SNI)
 
 =head1 SYNOPSIS
 
@@ -17,6 +17,8 @@ SSL_get_servername_type, SSL_get_servername - handle server name indication
  const char *SSL_get_servername(const SSL *s, const int type);
  int SSL_get_servername_type(const SSL *s);
 
+ int SSL_set_tlsext_host_name(const SSL *s, const char *name);
+
 =head1 DESCRIPTION
 
 The functionality provided by the servername callback is superseded by
@@ -39,16 +41,24 @@ SSL_get_servername_type() returns the servername type or -1 if no servername
 is present. Currently the only supported type (defined in RFC3546) is
 B<TLSEXT_NAMETYPE_host_name>.
 
+SSL_set_tlsext_host_name() sets the server name indication ClientHello extension
+to contain the value B<name>. The type of server name indication extension is set
+to B<TLSEXT_NAMETYPE_host_name> (defined in RFC3546).
+
 =head1 NOTES
 
 Several callbacks are executed during ClientHello processing, including
 the early, ALPN, and servername callbacks.  The early callback is executed
 first, then the servername callback, followed by the ALPN callback.
 
+The SSL_set_tlsext_host_name() function should only be called on SSL objects
+that will act as clients; otherwise the configured B<name> will be ignored.
+
 =head1 RETURN VALUES
 
 SSL_CTX_set_tlsext_servername_callback() and
 SSL_CTX_set_tlsext_servername_arg() both always return 1 indicating success.
+SSL_set_tlsext_host_name() returns 1 on success, 0 in case of error.
 
 =head1 SEE ALSO
author	Paul Yang <yang.yang@baishancloud.com>	2017-06-28 15:46:13 +0800
committer	Rich Salz <rsalz@openssl.org>	2017-07-28 11:51:59 -0400
commit	190b9a03b72a8029c27e4bd0ab000129e240a413 (patch)
tree	9d0c1d44825c86a1ce1b2a7e3008072cdf7617f9 /doc
parent	3ca1f892a7d94fb1595408f5fe80dee51dceb3b8 (diff)